[ 13.795283][ T252] ip (252) used greatest stack depth: 24032 bytes left
[ 18.153105][ T313] ==================================================================
[ 18.153452][ T313] BUG: KASAN: slab-use-after-free in emit_its_trampoline+0xa5/0x300
[ 18.153709][ T313] Read of size 1 at addr ffff888001932720 by task modprobe/313
[ 18.153956][ T313]
[ 18.154043][ T313] CPU: 2 UID: 0 PID: 313 Comm: modprobe Not tainted 6.16.0-rc2-virtme #1 PREEMPT(full)
[ 18.154048][ T313] Hardware name: Bochs Bochs, BIOS Bochs 01/01/2011
[ 18.154050][ T313] Call Trace:
[ 18.154052][ T313]
[ 18.154054][ T313] dump_stack_lvl+0x82/0xd0
[ 18.154061][ T313] print_address_description.constprop.0+0x2c/0x400
[ 18.154067][ T313] ? emit_its_trampoline+0xa5/0x300
[ 18.154071][ T313] print_report+0xb4/0x270
[ 18.154075][ T313] ? emit_its_trampoline+0xa5/0x300
[ 18.154078][ T313] ? kasan_addr_to_slab+0x25/0x80
[ 18.154082][ T313] ? emit_its_trampoline+0xa5/0x300
[ 18.154085][ T313] kasan_report+0xca/0x100
[ 18.154089][ T313] ? emit_its_trampoline+0xa5/0x300
[ 18.154094][ T313] ? emit_its_trampoline+0xa5/0x300
[ 18.154097][ T313] __kasan_check_byte+0x3a/0x50
[ 18.154101][ T313] krealloc_noprof+0x3d/0x320
[ 18.154105][ T313] ? execmem_alloc+0xc0/0x240
[ 18.154112][ T313] emit_its_trampoline+0xa5/0x300
[ 18.154115][ T313] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 18.154121][ T313] ? __do_softirq+0x10/0x10
[ 18.154126][ T313] apply_retpolines+0xcf/0x550
[ 18.154131][ T313] ? __pfx_apply_retpolines+0x10/0x10
[ 18.154135][ T313] ? __pfx___mutex_lock+0x10/0x10
[ 18.154141][ T313] ? irqentry_exit+0x3b/0x90
[ 18.154145][ T313] ? lockdep_hardirqs_on+0x7c/0x110
[ 18.154151][ T313] module_finalize+0x3d5/0x9d0
[ 18.154159][ T313] ? add_kallsyms+0x8d7/0xf40
[ 18.154164][ T313] ? __pfx_module_finalize+0x10/0x10
[ 18.154169][ T313] ? __pfx_cmp_ex_sort+0x10/0x10
[ 18.154172][ T313] ? __pfx_swap_ex+0x10/0x10
[ 18.154176][ T313] load_module+0x139a/0x2660
[ 18.154183][ T313] ? __pfx_load_module+0x10/0x10
[ 18.154186][ T313] ? kernel_read_file+0x3f5/0x550
[ 18.154192][ T313] ? kernel_read_file+0x3d0/0x550
[ 18.154197][ T313] ? __pfx_kernel_read_file+0x10/0x10
[ 18.154202][ T313] ? init_module_from_file+0xe9/0x150
[ 18.154205][ T313] init_module_from_file+0xe9/0x150
[ 18.154208][ T313] ? __pfx_init_module_from_file+0x10/0x10
[ 18.154216][ T313] ? idempotent_init_module+0x31a/0x620
[ 18.154218][ T313] ? __lock_release+0x5d/0x170
[ 18.154223][ T313] ? do_raw_spin_unlock+0x58/0x220
[ 18.154228][ T313] idempotent_init_module+0x335/0x620
[ 18.154232][ T313] ? __pfx_idempotent_init_module+0x10/0x10
[ 18.154238][ T313] ? cap_capable+0x94/0x230
[ 18.154245][ T313] __x64_sys_finit_module+0xca/0x150
[ 18.154248][ T313] ? do_syscall_64+0x85/0x380
[ 18.154251][ T313] do_syscall_64+0xc1/0x380
[ 18.154254][ T313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 18.154258][ T313] RIP: 0033:0x7f62353cae5d
[ 18.154262][ T313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 90 f3 0f 1e fa 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 73 9f 1b 00 f7 d8 64 89 01 48
[ 18.154265][ T313] RSP: 002b:00007ffea2cc92a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 18.154269][ T313] RAX: ffffffffffffffda RBX: 000055feb03d4c80 RCX: 00007f62353cae5d
[ 18.154271][ T313] RDX: 0000000000000000 RSI: 000055fe8c405a2a RDI: 0000000000000000
[ 18.154273][ T313] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffea2cc93e0
[ 18.154274][ T313] R10: 0000000000000000 R11: 0000000000000246 R12: 000055fe8c405a2a
[ 18.154276][ T313] R13: 000055feb03d4d40 R14: 000055feb03d4dc0 R15: 000055feb03d4cec
[ 18.154282][ T313]
[ 18.154284][ T313]
[ 18.164682][ T313] Allocated by task 299:
[ 18.164811][ T313] kasan_save_stack+0x24/0x50
[ 18.164998][ T313] kasan_save_track+0x14/0x30
[ 18.165165][ T313] __kasan_kmalloc+0x7f/0x90
[ 18.165329][ T313] __kmalloc_noprof+0x1d4/0x470
[ 18.165495][ T313] virtqueue_add_split+0x6a3/0x1920
[ 18.165663][ T313] virtqueue_add_sgs+0x143/0x270
[ 18.165828][ T313] virtio_fs_enqueue_req+0x58c/0xfe0
[ 18.165996][ T313] virtio_fs_send_req+0x13a/0x710
[ 18.166163][ T313] __fuse_simple_request+0x22a/0xb50
[ 18.166332][ T313] fuse_file_put+0x170/0x1f0
[ 18.166499][ T313] fuse_release+0x134/0x1c0
[ 18.166665][ T313] __fput+0x35c/0xa80
[ 18.166800][ T313] task_work_run+0x134/0x220
[ 18.166999][ T313] do_exit+0x594/0xe90
[ 18.167131][ T313] do_group_exit+0xb8/0x260
[ 18.167301][ T313] __x64_sys_exit_group+0x3e/0x50
[ 18.167476][ T313] x64_sys_call+0xf76/0x18a0
[ 18.167648][ T313] do_syscall_64+0xc1/0x380
[ 18.167816][ T313] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 18.168038][ T313]
[ 18.168121][ T313] Freed by task 237:
[ 18.168245][ T313] kasan_save_stack+0x24/0x50
[ 18.168411][ T313] kasan_save_track+0x14/0x30
[ 18.168576][ T313] kasan_save_free_info+0x3b/0x60
[ 18.168765][ T313] __kasan_slab_free+0x38/0x50
[ 18.168937][ T313] kfree+0x144/0x320
[ 18.169066][ T313] detach_buf_split+0x48d/0x6f0
[ 18.169235][ T313] virtqueue_get_buf_ctx_split+0x294/0x7f0
[ 18.169445][ T313] virtio_fs_requests_done_work+0x231/0x890
[ 18.169658][ T313] process_one_work+0xe43/0x1660
[ 18.169830][ T313] worker_thread+0x591/0xcf0
[ 18.170002][ T313] kthread+0x37b/0x600
[ 18.170145][ T313] ret_from_fork+0x243/0x320
[ 18.170312][ T313] ret_from_fork_asm+0x1a/0x30
[ 18.170476][ T313]
[ 18.170559][ T313] The buggy address belongs to the object at ffff888001932720
[ 18.170559][ T313] which belongs to the cache kmalloc-96 of size 96
[ 18.170984][ T313] The buggy address is located 0 bytes inside of
[ 18.170984][ T313] freed 96-byte region [ffff888001932720, ffff888001932780)
[ 18.171392][ T313]
[ 18.171477][ T313] The buggy address belongs to the physical page:
[ 18.171685][ T313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1932
[ 18.171984][ T313] flags: 0x80000000000000(node=0|zone=1)
[ 18.172157][ T313] page_type: f5(slab)
[ 18.172295][ T313] raw: 0080000000000000 ffff888001042340 ffffea000041ab10 ffffea00004b3f50
[ 18.172605][ T313] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 18.172908][ T313] page dumped because: kasan: bad access detected
[ 18.173117][ T313]
[ 18.173201][ T313] Memory state around the buggy address:
[ 18.173364][ T313] ffff888001932600: fc fc fc fc 00 00 00 00 00 00 00 00 00 fc fc fc
[ 18.173617][ T313] ffff888001932680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.173855][ T313] >ffff888001932700: fc fc fc fc fa fb fb fb fb fb fb fb fb fb fb fb
[ 18.174095][ T313] ^
[ 18.174253][ T313] ffff888001932780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 18.174518][ T313] ffff888001932800: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 fc
[ 18.174764][ T313] ==================================================================
[ 18.175058][ T313] Disabling lock debugging due to kernel taint
[ 247.191028][ T44] INFO: task modprobe:313 blocked for more than 122 seconds.
[ 247.191425][ T44] Tainted: G B 6.16.0-rc2-virtme #1
[ 247.191648][ T44] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[ 247.191944][ T44] task:modprobe state:D stack:25792 pid:313 tgid:313 ppid:152 task_flags:0x400100 flags:0x00004002
[ 247.192285][ T44] Call Trace:
[ 247.192408][ T44]
[ 247.192588][ T44] __schedule+0x862/0x1b00
[ 247.192771][ T44] ? __pfx___schedule+0x10/0x10
[ 247.192944][ T44] ? trace_irq_enable.constprop.0+0xd4/0x130
[ 247.193142][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.193300][ T44] ? schedule+0x1ee/0x270
[ 247.193421][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.193576][ T44] schedule+0xe2/0x270
[ 247.193701][ T44] schedule_preempt_disabled+0x18/0x30
[ 247.193868][ T44] __mutex_lock+0x77f/0xcd0
[ 247.194046][ T44] ? text_poke_set+0x86/0x120
[ 247.194206][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.194361][ T44] ? execmem_free+0x10d/0x1d0
[ 247.194519][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.194670][ T44] ? trace_lock_release+0x2a/0xd0
[ 247.194837][ T44] ? text_poke_set+0x86/0x120
[ 247.194990][ T44] text_poke_set+0x86/0x120
[ 247.195146][ T44] ? __pfx_text_poke_set+0x10/0x10
[ 247.195318][ T44] execmem_free+0x11a/0x1d0
[ 247.195477][ T44] ? __pfx_execmem_free+0x10/0x10
[ 247.195632][ T44] ? emit_its_trampoline+0xa5/0x300
[ 247.195809][ T44] ? __kasan_check_byte+0x3a/0x50
[ 247.195969][ T44] ? krealloc_noprof+0x3d/0x320
[ 247.196126][ T44] ? execmem_alloc+0xc0/0x240
[ 247.196282][ T44] emit_its_trampoline+0x258/0x300
[ 247.196436][ T44] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 247.196633][ T44] ? __do_softirq+0x10/0x10
[ 247.196801][ T44] apply_retpolines+0xcf/0x550
[ 247.196960][ T44] ? __pfx_apply_retpolines+0x10/0x10
[ 247.197114][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.197270][ T44] ? irqentry_exit+0x3b/0x90
[ 247.197425][ T44] ? lockdep_hardirqs_on+0x7c/0x110
[ 247.197584][ T44] module_finalize+0x3d5/0x9d0
[ 247.197745][ T44] ? add_kallsyms+0x8d7/0xf40
[ 247.197907][ T44] ? __pfx_module_finalize+0x10/0x10
[ 247.198062][ T44] ? __pfx_cmp_ex_sort+0x10/0x10
[ 247.198218][ T44] ? __pfx_swap_ex+0x10/0x10
[ 247.198372][ T44] load_module+0x139a/0x2660
[ 247.198527][ T44] ? __pfx_load_module+0x10/0x10
[ 247.198681][ T44] ? kernel_read_file+0x3f5/0x550
[ 247.198843][ T44] ? kernel_read_file+0x3d0/0x550
[ 247.199006][ T44] ? __pfx_kernel_read_file+0x10/0x10
[ 247.199163][ T44] ? init_module_from_file+0xe9/0x150
[ 247.199336][ T44] init_module_from_file+0xe9/0x150
[ 247.199491][ T44] ? __pfx_init_module_from_file+0x10/0x10
[ 247.199684][ T44] ? idempotent_init_module+0x31a/0x620
[ 247.199852][ T44] ? __lock_release+0x5d/0x170
[ 247.200013][ T44] ? do_raw_spin_unlock+0x58/0x220
[ 247.200173][ T44] idempotent_init_module+0x335/0x620
[ 247.200331][ T44] ? __pfx_idempotent_init_module+0x10/0x10
[ 247.200523][ T44] ? cap_capable+0x94/0x230
[ 247.200683][ T44] __x64_sys_finit_module+0xca/0x150
[ 247.200843][ T44] ? do_syscall_64+0x85/0x380
[ 247.200998][ T44] do_syscall_64+0xc1/0x380
[ 247.201152][ T44] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.201347][ T44] RIP: 0033:0x7f62353cae5d
[ 247.201512][ T44] RSP: 002b:00007ffea2cc92a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 247.201742][ T44] RAX: ffffffffffffffda RBX: 000055feb03d4c80 RCX: 00007f62353cae5d
[ 247.201977][ T44] RDX: 0000000000000000 RSI: 000055fe8c405a2a RDI: 0000000000000000
[ 247.202207][ T44] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffea2cc93e0
[ 247.202436][ T44] R10: 0000000000000000 R11: 0000000000000246 R12: 000055fe8c405a2a
[ 247.202666][ T44] R13: 000055feb03d4d40 R14: 000055feb03d4dc0 R15: 000055feb03d4cec
[ 247.202906][ T44]
[ 247.203037][ T44] INFO: task modprobe:313 is blocked on a mutex likely owned by task modprobe:313.
[ 247.203295][ T44] task:modprobe state:D stack:25792 pid:313 tgid:313 ppid:152 task_flags:0x400100 flags:0x00004002
[ 247.203623][ T44] Call Trace:
[ 247.203745][ T44]
[ 247.203850][ T44] __schedule+0x862/0x1b00
[ 247.204017][ T44] ? __pfx___schedule+0x10/0x10
[ 247.204173][ T44] ? trace_irq_enable.constprop.0+0xd4/0x130
[ 247.204364][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.204521][ T44] ? schedule+0x1ee/0x270
[ 247.204639][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.204804][ T44] schedule+0xe2/0x270
[ 247.204925][ T44] schedule_preempt_disabled+0x18/0x30
[ 247.205081][ T44] __mutex_lock+0x77f/0xcd0
[ 247.205238][ T44] ? text_poke_set+0x86/0x120
[ 247.205410][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.205565][ T44] ? execmem_free+0x10d/0x1d0
[ 247.205724][ T44] ? rcu_is_watching+0x12/0xc0
[ 247.205887][ T44] ? trace_lock_release+0x2a/0xd0
[ 247.206046][ T44] ? text_poke_set+0x86/0x120
[ 247.206201][ T44] text_poke_set+0x86/0x120
[ 247.206355][ T44] ? __pfx_text_poke_set+0x10/0x10
[ 247.206517][ T44] execmem_free+0x11a/0x1d0
[ 247.206672][ T44] ? __pfx_execmem_free+0x10/0x10
[ 247.206836][ T44] ? emit_its_trampoline+0xa5/0x300
[ 247.206996][ T44] ? __kasan_check_byte+0x3a/0x50
[ 247.207156][ T44] ? krealloc_noprof+0x3d/0x320
[ 247.207312][ T44] ? execmem_alloc+0xc0/0x240
[ 247.207470][ T44] emit_its_trampoline+0x258/0x300
[ 247.207626][ T44] ? __x86_indirect_paranoid_thunk_rax+0x2/0x2
[ 247.207847][ T44] ? __do_softirq+0x10/0x10
[ 247.208006][ T44] apply_retpolines+0xcf/0x550
[ 247.208171][ T44] ? __pfx_apply_retpolines+0x10/0x10
[ 247.208326][ T44] ? __pfx___mutex_lock+0x10/0x10
[ 247.208482][ T44] ? irqentry_exit+0x3b/0x90
[ 247.208638][ T44] ? lockdep_hardirqs_on+0x7c/0x110
[ 247.208804][ T44] module_finalize+0x3d5/0x9d0
[ 247.208964][ T44] ? add_kallsyms+0x8d7/0xf40
[ 247.209119][ T44] ? __pfx_module_finalize+0x10/0x10
[ 247.209276][ T44] ? __pfx_cmp_ex_sort+0x10/0x10
[ 247.209438][ T44] ? __pfx_swap_ex+0x10/0x10
[ 247.209596][ T44] load_module+0x139a/0x2660
[ 247.209760][ T44] ? __pfx_load_module+0x10/0x10
[ 247.209922][ T44] ? kernel_read_file+0x3f5/0x550
[ 247.210079][ T44] ? kernel_read_file+0x3d0/0x550
[ 247.210237][ T44] ? __pfx_kernel_read_file+0x10/0x10
[ 247.210394][ T44] ? init_module_from_file+0xe9/0x150
[ 247.210551][ T44] init_module_from_file+0xe9/0x150
[ 247.210705][ T44] ? __pfx_init_module_from_file+0x10/0x10
[ 247.210906][ T44] ? idempotent_init_module+0x31a/0x620
[ 247.211062][ T44] ? __lock_release+0x5d/0x170
[ 247.211217][ T44] ? do_raw_spin_unlock+0x58/0x220
[ 247.211373][ T44] idempotent_init_module+0x335/0x620
[ 247.211528][ T44] ? __pfx_idempotent_init_module+0x10/0x10
[ 247.211726][ T44] ? cap_capable+0x94/0x230
[ 247.211900][ T44] __x64_sys_finit_module+0xca/0x150
[ 247.212059][ T44] ? do_syscall_64+0x85/0x380
[ 247.212214][ T44] do_syscall_64+0xc1/0x380
[ 247.212369][ T44] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 247.212558][ T44] RIP: 0033:0x7f62353cae5d
[ 247.212719][ T44] RSP: 002b:00007ffea2cc92a8 EFLAGS: 00000246 ORIG_RAX: 0000000000000139
[ 247.212961][ T44] RAX: ffffffffffffffda RBX: 000055feb03d4c80 RCX: 00007f62353cae5d
[ 247.213192][ T44] RDX: 0000000000000000 RSI: 000055fe8c405a2a RDI: 0000000000000000
[ 247.213418][ T44] RBP: 0000000000040000 R08: 0000000000000000 R09: 00007ffea2cc93e0
[ 247.213646][ T44] R10: 0000000000000000 R11: 0000000000000246 R12: 000055fe8c405a2a
[ 247.213886][ T44] R13: 000055feb03d4d40 R14: 000055feb03d4dc0 R15: 000055feb03d4cec
[ 247.214117][ T44]
[ 247.214239][ T44] INFO: lockdep is turned off.
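What the capture above records, read top to bottom: KASAN flags a slab-use-after-free in emit_its_trampoline (the x86 ITS mitigation's trampoline emitter), reached from apply_retpolines inside module_finalize during a finit_module() call by modprobe; the faulting access is the one-byte validity check that krealloc_noprof performs on the pointer it was handed. The most recent owner of that kmalloc-96 slot was virtio_fs: allocated by task 299 in virtqueue_add_split, freed by task 237 in detach_buf_split. The pointer the ITS code passed to krealloc was therefore already stale; virtio's object is the slot's later tenant, not the culprit. A KASAN report only taints the kernel, so execution continues, and the hung-task detector then reports the same modprobe (pid 313) stuck in text_poke_set, called from execmem_free inside emit_its_trampoline, waiting on a mutex the detector says is "likely owned by" that very task. The harness's HARD STOP is the consequence of that wedge.

As an added example (not part of the captured log and not kernel code), the Python below pulls those triage fields out of such a capture: bug class and attributed function, access kind and size, the accessing task, the slab cache, the allocation and free stacks with sanitizer and allocator frames stripped, and for the hung task the frame that tried to take the mutex plus whether the detector blames the task itself. The sample input is constructed from the capture above, trimmed to the lines the parser reads; the printk prefix pattern and the PLUMBING prefix list are assumptions about this log format.

```python
"""Triage helper for KASAN and hung-task splats in a dmesg capture. Added example, not part
of the captured log and not kernel code; it assumes the printk prefix seen above,
"[<ts>][T<tid>] <text>", and the report layout 6.x kernels print. SAMPLE is constructed
from that capture, cut down to the lines the parser uses."""
import re
from dataclasses import dataclass, field

PREFIX = re.compile(r"^\[\s*[\d.]+\]\[\s*T\d+\]\s*(?P<text>.*)$")
BUG = re.compile(r"^BUG: KASAN: (?P<kind>[\w-]+) in (?P<func>[\w.]+)\+0x")
ACCESS = re.compile(r"^(?P<op>Read|Write) of size (?P<size>\d+) at addr \w+ by task (?P<task>\S+/\d+)")
CACHE = re.compile(r"belongs to the cache (?P<cache>\S+) of size")
ALLOC = re.compile(r"^Allocated by task \d+:")
FREED = re.compile(r"^Freed by task \d+:")
FRAME = re.compile(r"^(?P<func>[\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+$")  # "? func" unwinder guesses never match
HUNG = re.compile(r"^INFO: task (?P<comm>\S+):(?P<pid>\d+) blocked for more than (?P<secs>\d+) seconds")
OWNER = re.compile(r"^INFO: task \S+:\d+ is blocked on a mutex likely owned by task \S+:(?P<pid>\d+)")
# Sanitizer/allocator frames that sit above the code which owns the object or makes the access (assumed list).
PLUMBING = ("kasan_", "__kasan_", "__kmalloc", "kfree", "krealloc", "dump_stack", "print_")

@dataclass
class KasanReport:
    kind: str                  # e.g. "slab-use-after-free"
    func: str                  # function KASAN attributes the access to
    op: str = ""
    size: int = 0
    task: str = ""             # "comm/pid" that made the access
    cache: str = ""
    trace: list = field(default_factory=list)        # reliable frames of the bad access
    alloc_trace: list = field(default_factory=list)  # "Allocated by" stack
    free_trace: list = field(default_factory=list)   # "Freed by" stack

@dataclass
class HungTask:
    comm: str
    pid: int
    secs: int
    owner_pid: int = 0         # from "likely owned by task", if the detector printed it
    trace: list = field(default_factory=list)

    def blocked_in(self):
        """Caller of __mutex_lock: the code that tried to take the mutex."""
        i = next((i for i, f in enumerate(self.trace) if f.startswith("__mutex_lock")), -1)
        return self.trace[i + 1] if 0 <= i < len(self.trace) - 1 else None

def origin(frames):
    """First frame that is not plumbing: the owner of the object, or the real caller."""
    return next((f for f in frames if not f.startswith(PLUMBING)), None)

def parse(text):
    """Collect KASAN reports and hung-task splats from a capture, in log order."""
    kasan, hung, cur = [], [], None   # cur: list that the next reliable frames belong to
    for raw in text.splitlines():
        if not (m := PREFIX.match(raw)):
            continue                  # harness noise without a printk prefix
        line = m["text"].strip()
        if b := BUG.match(line):
            kasan.append(KasanReport(b["kind"], b["func"]))
            cur = kasan[-1].trace
        elif kasan and (a := ACCESS.match(line)):
            kasan[-1].op, kasan[-1].size, kasan[-1].task = a["op"], int(a["size"]), a["task"]
        elif kasan and ALLOC.match(line):
            cur = kasan[-1].alloc_trace
        elif kasan and FREED.match(line):
            cur = kasan[-1].free_trace
        elif kasan and (c := CACHE.search(line)):
            kasan[-1].cache, cur = c["cache"], None
        elif h := HUNG.match(line):
            hung.append(HungTask(h["comm"], int(h["pid"]), int(h["secs"])))
            cur = hung[-1].trace
        elif hung and (o := OWNER.match(line)):
            hung[-1].owner_pid, cur = int(o["pid"]), None  # the owner's own trace repeats; skip it
        elif cur is not None and (fr := FRAME.match(line)):
            cur.append(fr["func"])
    return kasan, hung

def summarize(text):
    """One line per finding, the shape a CI bot would post on the run."""
    kasan, hung = parse(text)
    return [f"KASAN {r.kind} in {r.func} ({r.op} {r.size}B by {r.task}): {r.cache} slot allocated in "
            f"{origin(r.alloc_trace)}, freed in {origin(r.free_trace)}" for r in kasan] + [
            f"HUNG {h.comm}/{h.pid} {h.secs}s in {h.blocked_in()}"
            + (" (self-deadlock)" if h.owner_pid == h.pid else "") for h in hung]

# Constructed from the capture above, trimmed to the lines the parser reads.
SAMPLE = """\
[   18.153452][  T313] BUG: KASAN: slab-use-after-free in emit_its_trampoline+0xa5/0x300
[   18.153709][  T313] Read of size 1 at addr ffff888001932720 by task modprobe/313
[   18.154089][  T313]  ? emit_its_trampoline+0xa5/0x300
[   18.154101][  T313]  krealloc_noprof+0x3d/0x320
[   18.154112][  T313]  emit_its_trampoline+0xa5/0x300
[   18.164682][  T313] Allocated by task 299:
[   18.165663][  T313]  virtqueue_add_split+0x6a3/0x1920
[   18.168121][  T313] Freed by task 237:
[   18.168937][  T313]  kfree+0x144/0x320
[   18.169066][  T313]  detach_buf_split+0x48d/0x6f0
[   18.170559][  T313]  which belongs to the cache kmalloc-96 of size 96
[  247.191028][   T44] INFO: task modprobe:313 blocked for more than 122 seconds.
[  247.193868][   T44]  __mutex_lock+0x77f/0xcd0
[  247.194046][   T44]  ? text_poke_set+0x86/0x120
[  247.194990][   T44]  text_poke_set+0x86/0x120
[  247.203037][   T44] INFO: task modprobe:313 is blocked on a mutex likely owned by task modprobe:313.
HARD STOP (264.475892)
"""
```

Run against a full dmesg capture, `parse()` skips the "? " frames the unwinder marks unreliable, the register dump, and harness lines without a printk prefix, and `summarize(SAMPLE)` yields one line for the KASAN finding and one for the hung task. Two caveats when acting on the output: the Allocated/Freed stacks describe the last owner of the slab slot, which is not necessarily the code that held the dangling pointer, exactly as in this capture; and a "mutex likely owned by" verdict that follows a sanitizer report is usually a secondary effect of the first bug, so the KASAN line is the one to file.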
HARD STOP (264.475892)
WAIT TIMEOUT stderr
Ctrl-C stderr
Ctrl-C stderr